By Steve Lipner, Executive Director, SAFECode

After we returned from our visit to Brussels, the SAFECode board held several discussions of the new EU cybersecurity legislation and our experience with government security certification – what has worked well and what hasn’t, and how to create security certification schemes that are effective for both the users and the developers of products and cloud services. We agreed that it might be helpful to the community if we documented our perspective on certifications in more detail than we provided in the blog we posted last December. I agreed to draft a brief white paper documenting the SAFECode perspective on cybersecurity certifications, and we’ve now posted it online:

We know that certifications can be a controversial topic and that there are a lot of perspectives on the subject. We’d love to hear your feedback on the paper – please send it to [email protected]. We’ll try to respond in email and/or a future blog, depending on the volume of feedback and the level of interest.